<?php

define('IN_DOUCO', true);

require (dirname(__FILE__) . '/include/init.php');
// rec操作项的初始化
$rec = $check->is_rec($_REQUEST['rec']) ? $_REQUEST['rec'] : 'default';
$smarty->assign('rec', $rec);
$smarty->assign('cur', 'manager_role');

$smarty->assign('action_list',$_SESSION[DOU_ID]['action_list']);

//权限列表
$roleprivilege = $_LANG['manager_roleprivilege'];
//角色和权限
//$role = isset($_POST[role]) ? $_POST[role] : 'admin';
//$action_list = isset($roleprivilege[$role]) ? $roleprivilege[$role] : '';
$action_list = array();
$smarty->assign('admin_privs', $GLOBALS['admin_privs']);

/**
 * +----------------------------------------------------------
 * 角色列表
 * +----------------------------------------------------------
 */
if ($rec == 'default') {
    $smarty->assign('ur_here', $_LANG['manager_role']);
    $smarty->assign('action_link', array ('text' => $_LANG['manager_role_add'],'href' => 'manager_role.php?rec=add' ));
    
    $query = $dou->query("SELECT * FROM " . $dou->table('admin_role') . " ORDER BY id ASC");
    while ($row = $dou->fetch_array($query)) {
        $role_list[$row[id]] = $row;
        $role_list[$row[id]]['add_time'] = date("Y-m-d", $row['add_time']);
    }
    // 赋值给模板
    $smarty->assign('cur', 'manager_role');
    $smarty->assign('role_list', $role_list);
    $smarty->display('manager_role.htm');
}

/**
 * +----------------------------------------------------------
 * 角色添加处理
 * +----------------------------------------------------------
 */
elseif ($rec == 'add') {
    $smarty->assign('ur_here', $_LANG['manager_role']);
    $smarty->assign('action_link', array ('text' => $_LANG['manager_list'], 'href' => 'manager_role.php' ));
    // CSRF防御令牌生成
    $smarty->assign('action_list', array());
    $smarty->assign('token', $firewall->get_token());
    $smarty->display('manager_role.htm');
}
elseif ($rec == 'insert') {
    $add_time = time();
    if(empty($_POST['name'])) $dou->dou_msg($_LANG['manager_rolename_empty']);
    // CSRF防御令牌验证
    $firewall->check_token($_POST['token']);
    $action_list = @implode(',', $_POST['action_list']);
    $priv_list   = @implode(',', $_POST['priv_list']);
    $dou->query("INSERT INTO " . $dou->table('admin_role') . " (name, action_list, priv_list, add_time)" . " VALUES ('$_POST[name]', '$action_list', '$priv_list', '$add_time')");
    $dou->create_admin_log($_LANG['manager_role_add'] . ': ' . $_POST['name']);
    $dou->dou_msg($_LANG['manager_role_add_succes'], 'manager_role.php');
} 

/**
 * +----------------------------------------------------------
 * 角色编辑
 * +----------------------------------------------------------
 */
elseif ($rec == 'edit') {
    $smarty->assign('ur_here', $_LANG['manager_role']);
    $smarty->assign('action_link', array ('text' => $_LANG['manager_list'],'href' => 'manager_role.php' ));
    // 验证并获取合法的ID
    $id = $check->is_number($_REQUEST['id']) ? $_REQUEST['id'] : '';
    $manager_info = $dou->get_row("SELECT * FROM ".$dou->table('admin_role')." WHERE id='$id'");
    // CSRF防御令牌生成
    $action_list = $manager_info['action_list'] == 'ALL' ? 'ALL' : explode(',', $manager_info['action_list']);
    $priv_list   = $manager_info['priv_list']   == 'ALL' ? 'ALL' : explode(',', $manager_info['priv_list']);
    //print_r($manager_info);
    $smarty->assign('token', $firewall->get_token());
    $smarty->assign('manager_info', $manager_info);
    $smarty->assign('action_list', $action_list);
    $smarty->assign('priv_list', $priv_list);
    $smarty->display('manager_role.htm');
} 
elseif ($rec == 'update') {
    $manager_info = $dou->get_row("SELECT * FROM ".$dou->table('admin_role')." WHERE id='{$_POST['id']}'");
    $action_list = '';
    if(empty($_POST['name'])) $dou->dou_msg($_LANG['manager_rolename_empty']);
    // CSRF防御令牌验证
    $firewall->check_token($_POST['token']);
    $action_list = @implode(',', $_POST['action_list']);
    $priv_list   = @implode(',', $_POST['priv_list']);
    $dou->query( $dou->update_sql('admin_role', array('name'=>$_POST['name'],'action_list'=>$action_list,'priv_list'=>$priv_list), "id='$_POST[id]'") );
    $dou->create_admin_log($_LANG['manager_role_edit'] . ': ' . $_POST['name']);
    $dou->dou_msg($_LANG['manager_role_edit_succes'], 'manager_role.php');
} 
/**
 * +----------------------------------------------------------
 * 角色删除
 * +----------------------------------------------------------
 */
elseif ($rec == 'del') {
    // 验证并获取合法的ID
    $id = $check->is_number($_REQUEST['id']) ? $_REQUEST['id'] : $dou->dou_msg($_LANG['illegal'], 'manager_role.php');
    $name = $dou->get_one("SELECT name FROM " . $dou->table('admin_role') . " WHERE id = '$id'");
    if (isset($_REQUEST['confirm']) ? $_REQUEST['confirm'] : '') {
        $count = $dou->get_one("SELECT count(*) count FROM ".$dou->table('admin')." WHERE role_id = '$id'");
        if($count > 0) $dou->dou_msg($_LANG['manager_role_has_admin']);
        $dou->create_admin_log($_LANG['manager_role_del'] . ': ' . $name);
        $dou->delete($dou->table('admin_role'), "id = $id", 'manager_role.php');
    } else {
        $_LANG['del_check'] = preg_replace('/d%/Ums', $name, $_LANG['del_check']);
        $dou->dou_msg($_LANG['del_check'], 'manager_role.php', '', '30', "manager_role.php?rec=del&id=$id");
    }
}


?>